1. General Information

1. This Privacy Policy applies to the website available at the following URL: codema.io
2. The operator of the website and the Data Controller is:
   Codema Sp. z o.o., Wolska 11, 20-411 Lublin, Poland
3. Contact email: info@codema.io
4. The Operator acts as the Controller of your personal data with regard to the data you voluntarily submit via the Website.
5. Personal data is processed for the following purposes:
   a. Responding to enquiries via contact forms
   b. Presenting commercial offers or other information
6. The Website collects information about users and their behavior in the following ways:
   a. Through data voluntarily provided in forms, which are subsequently entered into the Operator’s systems
   b. Through the storage of cookies on user end-devices

2 Selected data protection methods used by the Operator

1. Login areas and places where personal data is entered are protected at the transmission layer (SSL certificate). This ensures that personal data and login credentials entered on the website are encrypted on the user’s device and can only be read on the destination server.
2. Personal data stored in the database is encrypted in such a way that only the Operator, who holds the decryption key, can access it. This ensures that the data remains protected in the event of a database breach or theft from the server.
3. User passwords are stored in a hashed form. The hashing function is one-way – it cannot be reversed, which is the current standard practice for secure password storage.
4. The Operator regularly changes its administrative passwords.
5. Regular backups are made to ensure data security.
6. An important aspect of data protection is the regular updating of all software used by the Operator to process personal data, which specifically includes regular updates of software components.

3. Hosting

1. The Website is technically maintained on servers operated by cyberFolks.pl.
2. To ensure technical reliability, the hosting company maintains server-level logs. The following data may be recorded:
   a. resources identified by a URL (addresses of requested pages or files),
   b. time the request was received,
   c. time the response was sent,
   d. client workstation name – identified via the HTTP protocol,
   e. information about errors that occurred during the HTTP transaction,
   f. URL of the previously visited page (referrer link) – if the user accessed the Website via a link,
   g. information about the user’s browser,
   h. IP address information,
   i. diagnostic information related to the self-service ordering of services via forms on the website,
   j. information related to email communication sent to or from the Operator.

4. Your rights and additional information on data usage

1. In certain situations, the Controller has the right to share your personal data with other recipients if it is necessary for the performance of a contract concluded with you or to fulfill the Controller’s legal obligations. This applies to the following categories of recipients:
   a. authorized employees and collaborators who use the data in order to fulfill the purpose of the website’s operation
   b. companies providing marketing services on behalf of the Controller
2. Your personal data is processed by the Controller no longer than necessary to carry out the activities related to it, as defined by applicable regulations (e.g., accounting laws). With regard to marketing data, it will not be processed for more than 3 years.
3. You have the right to request the following from the Controller:
   a. access to your personal data,
   b. rectification of your data,
   c. deletion of your data,
   d. restriction of processing,
   e. data portability.
4. You have the right to object to the processing referred to in point 3.2, specifically to the processing of your personal data for the purposes of the legitimate interests pursued by the Controller, including profiling. However, this right to object does not apply if there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms — in particular, the establishment, exercise, or defense of legal claims.
5. You have the right to lodge a complaint against the Controller’s actions with Urząd Ochrony Danych Osobowych Stawki 2, 00-193 Warsaw, Poland.
6. Providing data is voluntary but necessary for website use.
7. You may be subject to decisions based solely on automated processing, including profiling, for the purpose of providing services under the contract and for the Controller’s direct marketing activities.
8. Personal data is not transferred to third countries within the meaning of data protection regulations. This means that we do not transfer your data outside the European Union.

5. Information collected via forms

1. The website collects information voluntarily provided by the user, including personal data, if such data is submitted.
2. The website may record information about connection parameters (such as timestamp and IP address).
3. In certain cases, the website may store information that helps associate form data with the email address of the user filling out the form. In such cases, the user’s email address may appear within the URL of the page containing the form.
4. The data provided in the form is processed for the purpose specified by the particular form’s function — for example, to handle a service request, facilitate commercial contact, or register for services. In each case, the context and description of the form clearly indicate its intended purpose.

6. Administrator logs

1. Information about user behavior on the website may be logged. This data is used for website administration purposes.

7. Key marketing techniques

1. The Operator uses statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The Operator does not provide any personal data to the provider of this service – only anonymized information. The service relies on the use of cookies stored on the user’s end device. With regard to user preference data collected by the Google advertising network, users can view and edit information derived from cookies using the following tool: https://www.google.com/ads/preferences/
2. The Operator uses remarketing techniques that allow advertising messages to be tailored to the user’s behavior on the website. This may give the impression that personal data is being used to track the user; however, in practice, no personal data is transferred from the Operator to advertising providers. The use of such technologies requires cookies to be enabled in the user’s browser.
3. The Operator uses the Facebook Pixel. This technology enables Facebook (Facebook Inc., based in the USA) to recognize that a registered user is visiting the Website. In this case, Facebook relies on data for which it is the data controller. The Operator does not share any additional personal data with Facebook. This service is based on the use of cookies stored on the user’s end device.
4. The Operator uses a tool that monitors user behavior by generating heat maps and recording activity on the website. This information is anonymized before being transmitted to the service provider, so the provider cannot identify the individual user. In particular, passwords and other personal data entered on the site are not recorded.
5. The Operator uses automation tools to enhance the Website’s functionality in relation to users — for example, to send an email to a user after they visit a specific subpage, provided the user has consented to receiving commercial communications from the Operator.

8. Information about cookies

1. The website uses cookies.
2. Cookies are IT data, in particular text files, which are stored on the User’s end device and are intended for use with the websites of the Service. Cookies typically contain the name of the website from which they originate, the duration of their storage on the end device, and a unique identifier.
3. The entity placing cookies on the User’s end device and accessing them is the operator of the Service.
4. Cookies are used for the following purposes:
   a. to maintain the User’s session within the Service (after logging in), which prevents the User from having to re-enter their login and password on each subpage of the Service;
   b. to fulfill the purposes specified above in the section titled “Key Marketing Techniques”
5. Within the Service, two basic types of cookies are used: “session” cookies and “persistent” cookies.
   Session cookies are temporary files that are stored on the User’s end device until they log out, leave the website, or close the browser.
   Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
6. Web browsing software (web browsers) typically allows cookies to be stored on the User’s end device by default. Users of the Service may change their cookie settings at any time. Web browsers allow for the deletion of cookies, and it is also possible to automatically block cookies. Detailed information on this topic can be found in the help section or documentation of the web browser.
7. Restrictions on the use of cookies may affect some of the functionalities available on the Service’s websites.
8. Cookies placed on the User’s end device may also be used by entities cooperating with the Service operator, in particular companies such as: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter (Twitter Inc., based in the USA).

9. Managing cookies – how to give and withdraw consent in practice

1. If the user does not wish to receive cookies, they can change the settings of their web browser. Please note that disabling cookies that are essential for authentication, security, or storing user preferences may hinder the operation of the website, or in extreme cases, make it impossible to use certain website features.
2. To manage your cookie settings, select your web browser from the list below and follow the provided instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

Mobile devices:

• Android
• Safari (iOS)
• Windows Phone

This policy template has been generated free of charge for informational purposes, based on our knowledge, industry practices, and legal regulations in force as of 2018-08-14. We recommend reviewing the template before using it on your website. The template is based on the most common situations found on websites but may not fully or accurately reflect the specific nature of your site. Please read the generated document carefully and adjust it to your particular situation if necessary, or seek legal advice. We do not take responsibility for the consequences of using this document, as only you can ensure that all information contained herein is truthful and up to date. Please also note that even the best Privacy Policy is only one element of protecting personal data and user privacy on your website.